V-259416
CAT IIIn a split DNS configuration, where separate name servers are used between the external and internal networks, the internal name server must be configured to not be reachable from outside resolvers.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 0
Check Text
Consult with the system administrator to review the internal Windows DNS Server's firewall policy.
The inbound TCP and UDP ports 53 rule should be configured to only allow hosts from the internal network to query the internal DNS server.
If the firewall policy is not configured with the restriction, consult with the network firewall administrator to confirm the restriction on the network firewall.
If neither the DNS server's firewall policy nor the network firewall is configured to block external hosts from querying the internal DNS server, this is a finding.
Fix Text
Configure the internal DNS server's firewall policy, or the network firewall, to block queries from external hosts.
STIG Reference
- STIG
- Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
- Version
- 2
- Release
- 4
- Rule ID
- SV-259416r961863_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl | Unassigned | 2026-01-14T12:57:38.179760 | View in Context |